-rw-r--r--auto/fuzzing75
-rw-r--r--auto/help2
-rw-r--r--auto/make2
-rw-r--r--auto/options4
-rw-r--r--auto/sources9
-rw-r--r--auto/summary2
-rwxr-xr-xconfigure2
-rw-r--r--fuzzing/build-fuzz.sh20
-rw-r--r--fuzzing/oss-fuzz.sh29
9 files changed, 144 insertions, 1 deletions
diff --git a/auto/fuzzing b/auto/fuzzing
new file mode 100644
index 00000000..f792941b
--- /dev/null
+++ b/auto/fuzzing
@@ -0,0 +1,75 @@
+# Copyright (C) NGINX, Inc.
+
+
+if [ -n "$NXT_FUZZ" ]; then
+
+ # Fuzz-Test object files list.
+
+ $echo "NXT_FUZZ_OBJS = \\" >> $NXT_MAKEFILE
+
+ for nxt_src in $NXT_FUZZ_SRCS
+ do
+ nxt_obj=${nxt_src%.c}.o
+ $echo " $NXT_BUILD_DIR/$nxt_obj \\" >> $NXT_MAKEFILE
+ done
+
+
+ # Fuzz-Test executables.
+
+ cat << END >> $NXT_MAKEFILE
+
+.PHONY: fuzz
+fuzz: $NXT_BUILD_DIR/fuzz_basic \\
+ $NXT_BUILD_DIR/fuzz_http_controller \\
+ $NXT_BUILD_DIR/fuzz_http_h1p \\
+ $NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+ $NXT_BUILD_DIR/fuzz_json
+
+$NXT_BUILD_DIR/fuzz_basic: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_basic \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_basic_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_controller: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_controller \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_controller_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p_peer: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_peer_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_json: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_json \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_json_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+END
+
+fi
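Review bot: The five link stanzas in the here-document (fuzz_basic through fuzz_json) are hand-copied and differ only in the target name. Each one also lists all of `$(NXT_FUZZ_OBJS)` as prerequisites while linking only its own `nxt_*_fuzz.o`, so editing one harness relinks every fuzzer, and adding a target means another copied stanza plus an edit to the `fuzz:` list. Generating the stanza in a loop over the target names, with the single object as prerequisite, keeps the list in one place. `NXT_FUZZ_OBJS` would then be unused and could be dropped. The sketch assumes recipe lines are tab-indented, as make requires.

```shell
    # … unchanged: NXT_FUZZ_OBJS list (or drop it if no longer referenced) …

    # Fuzz-Test executables.

    $echo >> $NXT_MAKEFILE
    $echo ".PHONY: fuzz" >> $NXT_MAKEFILE

    for nxt_fuzz in basic http_controller http_h1p http_h1p_peer json
    do
        cat << END >> $NXT_MAKEFILE

fuzz: $NXT_BUILD_DIR/fuzz_$nxt_fuzz

$NXT_BUILD_DIR/fuzz_$nxt_fuzz: $NXT_BUILD_DIR/fuzzing/nxt_${nxt_fuzz}_fuzz.o \\
		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
	\$(PP_LD) \$@
	\$(v)\$(NXT_EXEC_LINK) -o \$@ \\
		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_${nxt_fuzz}_fuzz.o \\
		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
		$NXT_FUZZ

END
    done
```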
diff --git a/auto/help b/auto/help
index 8f7553f3..6a6aee19 100644
--- a/auto/help
+++ b/auto/help
@@ -54,6 +54,8 @@ cat << END
--debug enable debug logging
+ --fuzz=ENGINE enable fuzz testing
+
python OPTIONS configure Python module
run "./configure python --help" to see available options
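Review bot: The new help line does not say what ENGINE is; judging by auto/fuzzing it is a string appended verbatim to the fuzz targets' link command, not an engine name. Something like `--fuzz=ENGINE        build fuzz targets, linking with ENGINE (e.g. -fsanitize=fuzzer)` would tell the user what to pass. The here-document starts and ends outside this hunk.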
diff --git a/auto/make b/auto/make
index 2788b9f5..de904a43 100644
--- a/auto/make
+++ b/auto/make
@@ -158,7 +158,7 @@ END
# Object files.
-for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_LIB_UNIT_SRCS \
+for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_FUZZ_SRCS $NXT_LIB_UNIT_SRCS \
src/test/nxt_unit_app_test.c \
src/test/nxt_unit_websocket_chat.c \
src/test/nxt_unit_websocket_echo.c
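Review bot: `$NXT_FUZZ_SRCS` is added to the object-file loop unconditionally, and the auto/sources hunk defines that list unconditionally too, so compile rules for the five harnesses go into every generated Makefile even without `--fuzz`. The link rules in auto/fuzzing, by contrast, are gated on `[ -n "$NXT_FUZZ" ]`. This is probably harmless while nothing depends on those objects, but the harnesses are presumably not meant for a normal build, so gating the list makes the intent explicit. In auto/sources, initialise `NXT_FUZZ_SRCS=` and assign the file list only inside `if [ -n "$NXT_FUZZ" ]; then ... fi`. The `for` loop continues outside this hunk.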
diff --git a/auto/options b/auto/options
index 0550c699..5be1ebe1 100644
--- a/auto/options
+++ b/auto/options
@@ -42,6 +42,8 @@ NXT_TEST_BUILD_HPUX_SENDFILE=NO
NXT_TESTS=NO
+NXT_FUZZ=
+
NXT_HELP=NO
for nxt_option
@@ -125,6 +127,8 @@ do
--tests) NXT_TESTS=YES ;;
+ --fuzz=*) NXT_FUZZ="$value" ;;
+
--help)
. auto/help
exit 0
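Review bot: `--fuzz=` with an empty value is accepted by the new arm and leaves `NXT_FUZZ` empty, which auto/fuzzing treats as fuzzing disabled. Configure then succeeds and `make fuzz` fails later with a missing target instead of a clear message. An arm placed before this one would reject it at parse time: `--fuzz=) echo "$0: error: --fuzz requires an engine argument" 1>&2; exit 1 ;;`. The value is also copied verbatim into the link recipes of the generated Makefile, which merits a comment next to `NXT_FUZZ=` in the first hunk, e.g. `# Linker argument selecting the fuzzing engine, e.g. -fsanitize=fuzzer.` The enclosing `for`/`case` starts and ends outside the hunk.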
diff --git a/auto/sources b/auto/sources
index f34d7fd7..dfabf7cf 100644
--- a/auto/sources
+++ b/auto/sources
@@ -307,6 +307,15 @@ if [ $NXT_TESTS = YES ]; then
fi
+NXT_FUZZ_SRCS=" \
+ fuzzing/nxt_basic_fuzz.c \
+ fuzzing/nxt_http_controller_fuzz.c \
+ fuzzing/nxt_http_h1p_fuzz.c \
+ fuzzing/nxt_http_h1p_peer_fuzz.c \
+ fuzzing/nxt_json_fuzz.c \
+"
+
+
NXT_SRCS=" \
src/nxt_main.c \
"
diff --git a/auto/summary b/auto/summary
index dd7a60a0..b6caee6c 100644
--- a/auto/summary
+++ b/auto/summary
@@ -36,4 +36,6 @@ Unit configuration summary:
debug logging: ............. $NXT_DEBUG
+ fuzz engine: ............... "$NXT_FUZZ"
+
END
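Review bot: The double quotes around `$NXT_FUZZ` are literal inside this here-document, so the summary prints the value wrapped in quotes (or `""` when fuzzing is off), while the neighbouring `$NXT_DEBUG` line prints a bare value. If the quotes are meant to make an empty value visible, a default word reads better and matches the other lines: `fuzz engine: ............... ${NXT_FUZZ:-none}`. The here-document opens outside the hunk; this assumes its delimiter is unquoted, as the `$NXT_DEBUG` expansion suggests.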
diff --git a/configure b/configure
index 2cb4d457..50eca39f 100755
--- a/configure
+++ b/configure
@@ -57,6 +57,7 @@ esac
mkdir -p $NXT_BUILD_DIR
mkdir -p $NXT_BUILD_DIR/bin
+mkdir -p $NXT_BUILD_DIR/fuzzing
mkdir -p $NXT_BUILD_DIR/include
mkdir -p $NXT_BUILD_DIR/lib
mkdir -p $NXT_BUILD_DIR/lib/unit/modules
@@ -179,4 +180,5 @@ if [ $NXT_NJS != NO ]; then
fi
. auto/make
+. auto/fuzzing
. auto/summary
diff --git a/fuzzing/build-fuzz.sh b/fuzzing/build-fuzz.sh
new file mode 100644
index 00000000..04f080d9
--- /dev/null
+++ b/fuzzing/build-fuzz.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+export CC=clang
+export CXX=clang++
+export CFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export CXXFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+
+./configure --no-regex --no-pcre2 --fuzz=$LIB_FUZZING_ENGINE
+make fuzz -j$(nproc)
+
+mkdir -p build/fuzz_basic_seed
+mkdir -p build/fuzz_http_controller_seed
+mkdir -p build/fuzz_http_h1p_seed
+mkdir -p build/fuzz_http_h1p_peer_seed
+mkdir -p build/fuzz_json_seed
+
+echo ""
+echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed src/fuzz/\${fuzzer}_seed_corpus"
+echo ""
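Review bot: The script has no `set -e`, so a failed `./configure` or `make fuzz` is followed by the `mkdir` calls and the "Run:" hint as if the build had succeeded; add `set -eu` after the shebang. `--fuzz=$LIB_FUZZING_ENGINE` is unquoted and works only because the value has no spaces; oss-fuzz.sh already quotes it, so use `--fuzz="$LIB_FUZZING_ENGINE"` here too. The hint points at `src/fuzz/\${fuzzer}_seed_corpus`, but the corpora referenced by oss-fuzz.sh live under `fuzzing/` (e.g. `fuzzing/fuzz_basic_seed_corpus/`), so the printed command likely names a directory that does not exist. The exported `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` and sanitizer flags apply to the whole configure/make run, so a header comment should state that the resulting `build/` tree is for fuzzing only and must not be installed.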
diff --git a/fuzzing/oss-fuzz.sh b/fuzzing/oss-fuzz.sh
new file mode 100644
index 00000000..1fe5ecda
--- /dev/null
+++ b/fuzzing/oss-fuzz.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+
+# Build unit
+./configure --no-regex --no-pcre2 --fuzz="$LIB_FUZZING_ENGINE"
+make fuzz -j"$(nproc)"
+
+# Copy all fuzzers.
+cp build/fuzz_* $OUT/
+
+# cd into fuzzing dir
+pushd fuzzing/
+cp fuzz_http.dict $OUT/fuzz_http_controller.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p_peer.dict
+
+# Create temporary directories.
+cp -r fuzz_http_seed_corpus/ fuzz_http_controller_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+
+zip -r $OUT/fuzz_basic_seed_corpus.zip fuzz_basic_seed_corpus/
+zip -r $OUT/fuzz_http_controller_seed_corpus.zip fuzz_http_controller_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_seed_corpus.zip fuzz_http_h1p_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_peer_seed_corpus.zip fuzz_http_h1p_peer_seed_corpus/
+zip -r $OUT/fuzz_json_seed_corpus.zip fuzz_json_seed_corpus/
+
+# Delete temporary directories.
+rm -r fuzz_http_controller_seed_corpus/ fuzz_http_h1p_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+popd
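Review bot: `-eu` appears only on the shebang line and the file is added with mode 100644, so it has to be run as `bash fuzzing/oss-fuzz.sh` or sourced, and in both cases the shebang options are ignored. A failed `make fuzz` would then fall through to the `cp` and `zip` steps; put `set -eu` on its own line after the shebang. `$OUT` is unquoted in every `cp` and `zip` line; `"$OUT"/` is safer, and `cp build/fuzz_* "$OUT"/` still globs. The temporary corpus copies are created inside the source tree and removed only on the success path, so a rerun after a failure would copy `fuzz_http_seed_corpus/` into the leftover directory instead of replacing it. A `trap` cleanup on EXIT, or copying into a `mktemp -d` directory, avoids that.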